Privacy Policy

This policy explains what personal data BlueCrazii processes, why it is used, how long it is kept, and what choices and rights you have.

Effective date: 28-04-2026
Contact: [email protected]
Operator: BlueCrazii, Netherlands

Privacy Policy

1. Who is responsible

BlueCrazii is responsible for the personal data processed through bluecrazii.nl and api.bluecrazii.nl.

BlueCrazii
Netherlands

2. What we collect

  • Account data: email address, display name, preferred color, password hash, account timestamps, and active session records.
  • Planner data: saved events, selected set IDs, plan titles, share links, and timestamps.
  • Friend room data: room code, event, room title, visibility, member display names, colors, roles, selections, join time, and last seen time.
  • Snapshots: shared snapshot ID, event, display name, color, selected set IDs, and creation time.
  • Feedback reports: report type, message, optional contact field, page URL, page title, set label, browser user agent, status, and timestamps.
  • Security and technical data: IP address used for rate limiting, request metadata in server logs, and security headers/cookies needed to operate the service.
  • Local browser storage: planner picks, room client token, display preferences, offline/service worker data, and your privacy preference.
  • Optional analytics: if you accept analytics, Matomo records page views and link interactions from analytics.bluecrazii.nl. The site disables Matomo analytics cookies in the browser.
  • Optional Google export: some timetable pages can export to Google Sheets or open Google Calendar links. When you use those buttons, Google processes the data needed for that action under Google's own terms and privacy policy.

3. Why we use data and legal bases

  • Provide the service: accounts, login sessions, saved plans, rooms, snapshots, and exports are processed to provide the features you request.
  • Security and abuse prevention: session cookies, rate limiting, request metadata, password reset tokens, and basic logs protect the service and users.
  • Support and corrections: feedback reports are used to fix timetable data, broken links, and product issues.
  • Analytics: optional Matomo analytics is processed only after consent and can be turned off at any time through Privacy settings.
  • Legal obligations: we may process or retain data if required by law or to respond to valid legal requests.

4. Cookies and local storage

Necessary cookies and storage are used for login, security, room membership, saved picks, offline support, and remembering privacy choices. They are not used for advertising.

Analytics is optional. The first visit asks whether you want to share your Roze Koeken, which means enabling optional analytics. You can change your choice at any time from the profile page under "Change your Roze Koeken here".

5. Sharing and processors

We do not sell personal data. Data may be processed by service providers that help run BlueCrazii, such as website/API hosting, database hosting, email delivery, backups, and analytics hosting. These providers may only process data for the service purposes above.

If you use Google Sheets or Google Calendar export features, data is sent to Google only for the action you start.

6. Retention

  • Account data is kept while your account exists.
  • Saved plans and room memberships are kept until you delete them, leave/delete the room, delete your account, or they are removed by retention cleanup.
  • Expired sessions and expired/used password reset tokens are deleted by cleanup.
  • Inactive rooms, old snapshots, and closed feedback reports are removed or minimized after the retention periods configured for the service.
  • Backups are kept only as long as needed for recovery and security, then deleted on a retention schedule.

7. Your rights

Depending on your situation, you may have the right to access, correct, delete, restrict, export, or object to the processing of your personal data. Where processing is based on consent, you can withdraw consent at any time.

If you have an account, your profile page includes account deletion and a data export download. You can also contact us by email.

We may ask for information to confirm your identity before acting on a request. We aim to respond within one month.

8. Security

BlueCrazii uses HTTPS in production, HTTP-only session cookies, password hashing, access controls, rate limiting, security headers, and database separation for API data. No internet service can be guaranteed perfectly secure, but we work to reduce risk and limit data collection.

9. Children

BlueCrazii is not intended for children below the minimum age required in their country. We do not knowingly collect personal data from children.

10. Complaints

If you think we have not handled your data properly, contact us first so we can try to fix it. You also have the right to complain to your local data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens.

11. Changes

We may update this policy as BlueCrazii changes. The effective date above shows when this version started applying.

BlueCrazii - Effective date 28-04-2026